Friday, July 13, 2018

New iOS security feature can be defeated by a $39 adapter… sold by Apple

from https://hotforsecurity.bitdefender.com

Yesterday Apple released a brace of updates for its software – fixing bugs and patching security holes in the likes of MacOS, watchOS, tvOS, Safari, iTunes for Windows, iCloud for Windows, and iOS for iPhones and iPads.

The update for iOS, bringing it to version 11.4.1, is particularly interesting as it includes a new feature – “USB Restricted Mode.”

USB Restricted Mode is designed to disable an iPhone or iPad’s Lightning port, preventing it from transferring data, one hour after the device was last locked.

You can still charge your device after its Lightning port has been disabled, but you need to enter a smartphone’s password if you wish to use the port to transfer data to and from device.

A support advisory from Apple shares more details:

“Starting with iOS 11.4.1, if you use USB accessories with your iPhone, iPad, or iPod touch, or if you connect your device to a Mac or PC, you might need to unlock your device for it to recognize and use the accessory. Your accessory then remains connected, even if your device is subsequently locked.”

“If you don’t first unlock your password-protected iOS device — or you haven’t unlocked and connected it to a USB accessory within the past hour — your iOS device won’t communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories.”

Which sounds, of course, like bad news for law enforcement and intelligence agencies who may want to crack into a locked iPhone using tools like GrayKey. GrayKey, and similar tools, use the Lightning port to help anyone with physical access crack their way into a locked device – without having to manually guess the passcode.

Unfortunately for Apple, and customers who like to believe that their phone is private, a workaround has been discovered whereby police could prevent an iPhone or iPad entering USB Restricted Mode if they act quickly enough.

Researchers at Elcomsoft discovered that the one hour countdown timer can be reset simply by connecting the iPhone to an untrusted USB accessory:

“In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.”

And where might you find such a compatible USB accessory that can prevent USB Restricted Mode from kicking in?

Look no further than Apple’s own online store, where the company will happily sell you a Lightning to USB 3 Camera Adapter for a mere $39. Chances are that there are even cheaper accessories which will do the job just as well.

Apple has successfully made the window of opportunity smaller for anyone (whether they be a member of law enforcement or not) to crack into an iPhone, but this discovery means that they have not closed it completely.

Apple will need to continue to strengthen the security and privacy of its mobile devices if it wishes to maintain its edge over many Android smartphones. Nice try with iOS 11.4.1 Apple, but we need you to do more.